I am just beginning to start learning web application development, using python. I am coming across the terms 'cookies' and 'sessions'. I understand cookies in that they store some info in a key value pair on the browser. But I have a little confusion regarding sessions, in a session too we store data in a cookie on the user's browser.

For example - I login using username='rasmus' and password='default'. In such a case the data will be posted to the server which is supposed to check and log me in if authenticated. However during the entire process the server also generates a session ID which will be stored in a cookie on my browser. Now the server also stores this session ID in its file system or datastore.

But based on just the session ID, how would it be able to know my username during my subsequent traversal through the site? Does it store the data on the server as a dict where the key would be a session ID and details like username, email etc. Need help.

Because HTTP is stateless, in order to associate a request to any other request, you need a way to store user data between HTTP requests.

Cookies or URL parameters ( for ex. like ) are both suitable ways to transport data between 2 or more requests. However they are not good in case you don't want that data to be readable/editable on client side.

The solution is to store that data server side, give it an "id", and let the client only know (and pass back at every HTTP request) that id. Or you can use the client as a convenient remote storage, but you would encrypt the data and keep the secret server-side.

Of course there are other aspects to consider, like you don't want people to hijack others' sessions, you want sessions to not last forever but to expire, and so on.

In your specific example, the user id (could be username or another unique ID in your user database) is stored in the session data, server-side, after successful identification. Then for every HTTP request you get from the client, the session id (given by the client) will point you to the correct session data (stored by the server) that contains the authenticated user id - that way your code will know what user it is talking to.

You can think of a session kinda like a library ID card. Every time you go to a library, then you show them your ID card which was issued by that particular library. Now they can match up who you are with the records stored on file.
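The session-id-to-user lookup discussed above, as an added example that is not part of the original posts. The names `SessionStore`, `SESSION_TTL` and `session_cookie` are assumptions made for illustration, and an in-memory dict stands in for the server's file system or datastore.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed idle timeout for this sketch


class SessionStore:
    """Server-side session data keyed by an unguessable session id."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._data = {}      # session id -> {"user_id": ..., "expires": ...}
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be exercised in tests

    def create(self, user_id):
        # Call only after the username/password check has succeeded.
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._data[sid] = {"user_id": user_id,
                           "expires": self._clock() + self._ttl}
        return sid  # the only value the browser ever receives

    def lookup(self, sid):
        # Called on every request with the id taken from the cookie.
        entry = self._data.get(sid)
        if entry is None:
            return None  # unknown or guessed id: treat as not logged in
        if self._clock() >= entry["expires"]:
            del self._data[sid]  # expired sessions are dropped
            return None
        entry["expires"] = self._clock() + self._ttl  # sliding expiry
        return entry["user_id"]

    def destroy(self, sid):
        # Logout: forget the id server-side so a copied cookie stops working.
        self._data.pop(sid, None)


def session_cookie(sid):
    # HttpOnly hides the id from page scripts; Secure limits it to HTTPS.
    return f"session_id={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

The username never leaves the server: the cookie carries only the random id, and `lookup` returns `None` for an id that is unknown, expired or destroyed.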